Plans supporting single sign on (SSO)
| Professional | Business | Enterprise |
|---|---|---|
SAML 2.0 is an open standard protocol that allows users to access multiple web-based applications with a single set of credentials. This provides a more secure and convenient way for users to access Document360. With SAML 2.0 enabled, Document360 users can log in to the platform using their existing credentials from an identity provider (IdP). Document360 supports the configuration of multiple single sign-on (SSO) endpoints, allowing both team accounts and readers to log in using their preferred identity provider.
Supported identity providers
Document360 supports the following identity providers (IdP):
Okta
Entra ID
Google
Auth0
ADFS
OneLogin
Others
Configuring SSO using SAML
Log in to your Document360 account and navigate to your desired project.
Navigate to Settings () > Users & security > SAML/OpenID.
Click Create SSO.
Select an identity provider from the Choose your Identity Provider (IdP) page.
Select SAML from the Configure the Service Provider (SP) page.
Using the details provided in the Configure the Service Provider (SP) page, configure the Document360 application with the previously selected identity provider.
Using the details provided by the identity provider, setup the SSO configuration in Document360 on the Configure the Identity Provider (IdP) page.
Once you have successfully completed the SSO configuration based on the SAML protocol, you can invite members from your project to the configured SSO application.
Now, users can login to Document360 either using their email and password or using SSO.
Troubleshooting
If you encounter issues during the SAML SSO setup or login, refer to the following common errors and their solutions:
Invalid SAML request (Untrusted key)
Error: An error was encountered while handling the remote login - Invalid SAML Request SAML signature is valid but uses an untrusted key. This error occurs when the SAML certificate uploaded to Document360 is inactive.
Steps to resolve:
To resolve this issue,
Download the active SAML certificate
Access your IdP.
Download the currently active SAML certificate.
Re-upload the certificate in Document360
In Document360, navigate to Settings () > Users & security > SAML/OpenID.
Click Edit for the relevant SSO configuration.
Under Configure the Identity Provider (IdP) section, locate the SAML Certificate field.
Click Browse to upload the new, active certificate.
Uploading the active certificate should resolve the issue.
SAML message signature is invalid
Error:
SignatureInvalid: SAML message signature is invalid.
AssertionSignatureInvalid: SAML Assertion signature is invalid.
Invalid SAML Request: SAML signature is valid but uses an untrusted key.
This error occurs when an incorrect or expired SAML certificate is uploaded to Document360.
Steps to resolve:
Ensure the certificate is valid:
Check if the uploaded certificate is active and not expired.
If needed, generate a new certificate in the Identity Provider (IdP).
Re-upload the correct certificate in Document360:
In Document360, navigate to Settings () > Users & security > SAML/OpenID.
Click Edit for the relevant SSO configuration.
Under Configure the Identity Provider (IdP) section, locate the SAML Certificate field.
Click Browse to upload the new, active certificate.
Capture Logs for Further Analysis (if issue persists)
Add the SAML Tracer extension to your browser.
Open SAML Tracer before starting the SSO login flow.
Perform the action that triggers the SSO process (e.g., clicking Continue with SSO).
SAML Tracer will record all network requests.
Right-click in the SAML Tracer window.
Select Export or save the logs in a suitable format.
For further assistance, contact the Document360 support team with:
Screenshots of your IdP configuration.
The uploaded SAML certificate details.
SAML Tracer logs.